Can You Smell a Phish?

The latest fad in email scams is spear-phishing: deceptive emails highly targeted and carefully crafted to fool even the best anti-phishing technology. A savvy human being can still spot spear-phish reliably, but it’s getting more difficult as scammers refine their craft. Here’s a little test you can take to see if you’re smarter than modern phish...

Can You Identify Phishing Scams?

Websense offers a two-minute challenge called Operation Spear Phish in which you review six real-life emails and decide which are phish and which are not. The test even gives you two clues about each email. The timed aspect of the test precludes “cheating” by consulting others or searching online.

One of the phish is obvious: an email from a stranger in Lithuania requesting your help in moving some money. This is the classic Nigerian 419 spam; few geeks fall for it these days, but occasionally the Internet laughs at a lawyer, banker, or other presumably smart professional who does.

Other phish in the test require a peek at what’s under the surface of an email. Hovering the cursor over a highlighted word that indicates a clickable link will reveal the underlying URL. Clues in a URL can tip you that something is wrong; for instance, if the URL’s domain is some server in a foreign land but the email is supposedly from a U.S. firm. Some servers are infamous as hosts of scammers; if you know the most popular rogue servers, you can spot them in a hidden URL.

Still other spear phish attempts are just a little bit off in their text. “Dear valued customer” is not how Paypal addresses me; it uses my registered first and last names to assure me that an email is really from Paypal. It's also common to find awkward English phrasing, poor grammar and spelling mistakes in phishing emails.

Getting To Know You

Spear phishing is so called because it is highly targeted, often going after a specific individual rather than a broadly defined group or random population. A scammer may know that you, John Doe, bought a plane ticket to Canberra, Australia, on the 19th of last month. Such details tend to lull readers into believing, “Yeah, no scammer could know that, it must be legit.” But they do know.

How? Probably because you told them and everyone else on Facebook, Twitter, or some other social media site. “I just bought a ticket to Canberra, Woo-Hoo!” Don’t do that; you never know who may be reading. If you get a social media "friendship" request from someone you've never heard of, be on guard. You even have to look carefully at the link before you click.

If you must share your personal business, share it only with real-world friends you can trust. Learn how privacy settings of your social media sites work and adjust them to keep strangers from reading what strangers should not know. Remember that social media sites make more money the more data their users share, so the default privacy settings may not be designed to prevent spear phishing.

Hello, Your Name Is...

Another source of information for spear phishers is the massive data breaches that are happening all too often lately. The recent breaches of security at Target Corp, Neiman Marcus and other retailers affected tens of millions of people, and revealed not just debit and credit card data, as first reported. The hackers also obtained names, mailing addresses, phone numbers and email addresses for many of those customers affected.

So you can imagine how easy it would be for a scammer to craft an email that was addressed to you by name, mentioned some of these personal details, and asked you to click to verify the activity on your credit card. Here's an example:

Your local Citibank branch in Midland, TX has noticed some unusual actiivity on your credit card account ending in 4820. We tried calling you earlier at 555-685-1478, but couldn't reach you. Please Click here as soon as possible to login to your account and let us know if all recent transactions are valid.

Internet Explorer, Firefox, and Google Chrome browsers will warn you if the website you're trying to visit is suspected of phishing or known to harbor malware. Your anti-virus software may catch the attack if you do end up on a rogue site. But there's no guarantee that the lists of malicious sites will be 100% up to date, nor can you rely on your anti-virus to catch every variant of newly appearing malware.

To protect yourself against spear phishing, you must pay closer attention to every email even if it's apparently from a trusted source, or a company you regularly deal with. If the email makes an unusual request, such as "verifying" login credentials, it may well be a phish. And remember, the presence of personally identifying details in the email is no guarantee that it is legitimate.

Most browsers and email clients will display the URL of a link if you hover your mouse over it. Look for misspelled URLs that won't take you where they suggest they will. For example, faecbook.com is an entirely different domain from facebook.com. Even better, use a bookmark to reach the site in question, or key in the web address by hand.
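The two checks described above (the hidden URL behind link text, and a misspelled lookalike domain) can be automated over an HTML message body. The script below is an added example, not part of the original article; the trusted-brand list and the sample message are constructed for the demonstration, and "registered domain" is approximated crudely as the last two labels of the hostname.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
KNOWN_BRANDS = {"facebook.com", "paypal.com"}  # senders the reader trusts (constructed)
SAMPLE_HTML = """<p>Dear valued customer,</p>
<p>Please <a href="http://login.example-bank.ru/verify">Click here</a> to verify
your account at <a href="http://faecbook.com/login">facebook.com</a>.</p>
<p>Our real site is <a href="https://www.paypal.com/">www.paypal.com</a>.</p>"""  # constructed sample body

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    return ".".join(host.lower().split(".")[-2:])  # login.example.com -> example.com

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicious_links(html):
    """Yield (href, reason) for links whose real target is not what the text shows."""
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        target = registered_domain(urlparse(href).hostname or "")
        shown = registered_domain(text) if "." in text and " " not in text else None
        if shown and shown != target:  # text names one domain, href goes to another
            yield href, f"text shows {shown} but link goes to {target}"
        elif shown is None and target not in KNOWN_BRANDS:  # "Click here" hides target
            yield href, f"'{text}' hides untrusted destination {target}"
        for brand in sorted(KNOWN_BRANDS):  # near-miss spelling of a trusted brand
            if target != brand and edit_distance(target, brand) <= 2:
                yield href, f"{target} looks like {brand}"
```

Running `list(suspicious_links(SAMPLE_HTML))` flags the "Click here" link and the faecbook.com link (twice, once for the text mismatch and once as a lookalike) while the genuine PayPal link passes.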

Have you or anyone you know been victimized by spear phishing? Post your comment or question below...

Most recent comments on "Can You Smell a Phish?"

Posted by:
PDSterling
30 Jan 2014

well, I only batted 500 on the quiz, but all of the communications were UCE IMHO, so they are considered annoyances by me. FWIW.

Posted by:
Mike Strickland
30 Jan 2014

I have little sympathy for those who get HTML mail and then get into trouble with it. People are too caught up in all the glitter that can be added to email, to be concerned about the trouble they can get into because of that glitter.

Wise thing is to cut your chances of trouble to almost nil by using straight up text for email - email as it was designed to be.

Text prevents hiding a link to a dangerous site behind innocent text. No need to hover over it to see what the link is - simply previewing the email will expose the true link.

Sure, email headers can be built to make an email look like it came from someplace you trust, but the links within plain text show it for what it is, immediately.

Posted by:
Carole
30 Jan 2014

Recently I received an email from someone that pretended to be a friend of mine. They claimed to be in England and needed some money. I emailed the person back, asking for their home address. Never heard from them again. I shouldn't have acknowledged them, but I couldn't resist. Never heard from them again.

Posted by:
yog
30 Jan 2014

Dear Bob, I have learned how to protect my personal information & keep on running my computer safe & sound from scammers. I read your articles regularly every day. When I open my email & I see some addresses not known to me I just click Delete, period. Thanks Bob... keep up the good work.

Posted by:
Dr Jan A Bergeron
30 Jan 2014

I have the luxury of having multiple e-mail addresses, which are generally @ domains I own and use for professional purposes. I only use one e-mail address for personal stuff like banking or registering on commercial sites (e.g., Amazon, PayPal, etc). I've found this beneficial when sorting the wheat from the chaff. If I get a very official looking e-mail from PayPal addressed to one of my other e-mail addresses, I know immediately that it is junk.

I also set up special e-mail addresses for use on social sites, even though I don't use those sites very often. Otherwise, I agree that you cannot be too careful. When it comes to e-mail, I tend to be overly suspicious. So far, I haven't been burned. I almost got caught with a phishing e-mail that purported to be from Dropbox, but caught it in time. The one recommendation I can make is never click a link in an e-mail, no matter how legit it looks. Go directly to the site, log in and see if you have a message—that's the safest way.

I live in a retirement community and manage a discussion list for neighbors. I'm also the local "go-to" person for computer issues. It never ceases to amaze me how gullible highly-intelligent, well-educated people can be.

Posted by:
Jean
30 Jan 2014

We have a neat little programme called MailWasher; you can get the free version or the paid version and it lets you preview the first few lines of the email. You can either add the email to your friends list or the blacklist; when you blacklist it, any other emails that come in from that site are marked in red as blacklisted and you just delete them. It certainly has cut down on all the junk that is out there. Thanks for the info Bob. Jean Cameron

Posted by:
john
31 Jan 2014

Now you have me thinking Bob. Does my habit of right-clicking on the email and selecting "view full header" or in Hotmail "view message source", which as you know gives a fair chance to see if one recognizes it as friendly, compromise me? Best regards, john.

Posted by:
Pamela
31 Jan 2014

If I get an email from a company and want to check out the info, I go to the company's website or call the 800 number. Although I like the idea of plain text emails!

Posted by:
salim
31 Jan 2014

"social media sites make more money the more data their users share"
& that's why I only go into social media enough to check what I need & don't hover, nor leave the page open; the more the site recognizes it's still active, the more money they're making from me, so as soon as I'm done, I close the page.
On another related note, I don't know how many of you have received a LinkedIn email with a part of the email asking you to "click here to CONFIRM you know this person". I treat that message as phishing, since the classic way for LinkedIn to have you connect to someone new is to first give you the opportunity on the same message to click on the person's profile.
But maybe someone or Bob can confirm this, or validate that both these messages seem to be legit..

Posted by:
wyndial
31 Jan 2014

Well this senior citizen scored 4/6 but since I chose phishing twice on stuff that's just advertising anyway I don't care that it's non-phishing...I don't need to read it!!!!!

Posted by:
j b spence
01 Feb 2014

Since 1995 I have used an email forwarder(pobox.com) ... this allows me to change ISPs w/o losing my email address (e.g., my email address stays the same no matter what ISP I use).

Another thing pobox.com does is to allow you to filter sources of incoming emails. They have a heuristic filter as well as filter by countries - there is a default setting as well.

You can reject, ignore or hold emails and pobox sends your list of spammed stuff every day. The annual fee is only $15. AND they forward your email very rapidly ... no delays.

Hope this helps ...
jbs/

Posted by:
LindaSView
05 Feb 2014

John and Bob:
I too always right click a suspicious email and view the source. Right at the top is the indicator for whether it's real or not when it fails the smart filter's test, with either "None" "None" under SID or "Fail", "Fail". However, the "sniff test", as I call it, can give a false positive. So, I also take the full MIME header, especially in ones where the phisher was too lazy to anonymize the server info, and run it through a neat program called "IP NetInfo". I donate about six hours a week tracking down the phishers and reporting them. A lot of my phishing emails are coming out of Belarus and now, I am even more appalled at how the Health and Human Services Department outsourced some of the programming work for the federal Healthcare.Gov website to programmers in Belarus, where a number of phishing rings have been caught! One can only imagine what is lurking in the .dll files of the healthcare web site! Much more attention has to be put on this issue; just look at the information this country - Belarus - and some nefarious agencies could have on us! Just more to worry about and wonder, "How the heck could this have happened"!
LindaSView
